
Malwarebytes


54 replies to this topic

#1 irvineboy


Posted 27 March 2017 - 01:13 PM

I recently started getting blue screen pretty frequently on my laptop. It is running Windows 7 64-bit. I notice that a bunch of strange programs like Video Abductor would get installed randomly, that I would have to manually delete via the "uninstall program" in control panel. Some could not be deleted as it said I do not have administrator rights, so I would use Revo Uninstaller (someone suggested to use) to remove.

 

I have Anonymizer Gadget installed but I cannot uninstall it via Control Panel or Revo.  It doesn't show up.

 

I tried running Malwarebytes but it says "The requested resource is in use". It has a big red X. Did Anonymizer Gadget or whatever virus I have disable it?


Edited by irvineboy, 27 March 2017 - 02:11 PM.
Moved from MRL to Am I Infected - Hamluis.



 


#2 irvineboy


Posted 27 March 2017 - 01:27 PM

Now it's having trouble booting up. Every time I reboot into regular windows mode, it will blue screen. It's a vicious cycle that will not allow me to run in regular mode.

 

I go to safe mode with networking and download adwcleaner and malwarebytes but it will not install. It's giving me the "the requested resource is in use". I don't think these programs will install in safe mode. So what do I do now if I cannot even boot up my computer in regular mode?

 



Edited by irvineboy, 27 March 2017 - 02:10 PM.


#3 hamluis


Posted 27 March 2017 - 02:39 PM

Please follow Steps 6-8 of Preparation Guide, Before Using Malware Removal Tools and Requesting Help - http://www.bleepingcomputer.com/forums/topic34773.html ...then post the requested data in the forum containing the guide.

 

This topic as presented does not include the requested logs, which is a key criterion for posting in the Malware Removal Logs forum.

 

Once that is done, this topic will be closed to avoid confusion.

 

Thanks :).

 

Louis


Edited by hamluis, 27 March 2017 - 02:39 PM.


#4 irvineboy


Posted 27 March 2017 - 03:25 PM

The issue is that I cannot boot into normal mode.  It gives a bluescreen every single time.

When I try to install any program, it says "The requested resource is in use"  

This happens even in Safe Mode.  It's like something is preventing me from going into Normal Mode and won't let me install or run anything, even in safe mode.

 




#5 JSntgRvr


Posted 27 March 2017 - 05:38 PM

Hi and welcome.

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



    To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt

    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#6 hamluis


Posted 27 March 2017 - 05:45 PM

:thumbup2:, done, thanks :).

 

Louis



#7 irvineboy


Posted 27 March 2017 - 09:38 PM

Please see attached




#8 JSntgRvr


Posted 27 March 2017 - 10:37 PM

It is going to be several tasks. Please read these instructions very carefully. The reason you are unable to see the Repair My Computer option when you press F8 is because the trojan is not allowing this. Your setup will not help however, as we will need to run two fixes. Move the copy of FRST64 you have to your desktop.

 

Let's first prepare the USB drive to run a fix in the Recovery Environment (RE).

 

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

Also download the enclosed file and save it also in the flash drive, next to FRST64.

 

Once done, leave the USB flash drive in the computer, as we will use it in the Recovery Environment.

 

 

Secondly, to allow you to reach the command prompt, download the enclosed file (different from the above) and save it next to FRST64 on your desktop (not on the USB drive).

  • Start FRST64 On your desktop with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

 

The computer will restart, if it does not, restart the computer. Do not allow it to complete the boot process. Follow the next set of instructions:

 

 

To enter System Recovery Options from the Advanced Boot Options:

  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

 

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt

Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 




#9 irvineboy


Posted 27 March 2017 - 10:53 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Jason (27-03-2017 20:43:43) Run:1
Running from C:\Users\Jason\Desktop
Loaded Profiles: Jason (Available Profiles: Jason)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
CMD: bcdedit.exe /set {bootmgr} displaybootmenu Yes
CMD: bcdedit.exe /set {current} recoveryenabled Yes
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON 
CMD: ipconfig /flushdns 
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP: 
Hosts:
Reboot:
*****************
 
 
========= bcdedit.exe /set {bootmgr} displaybootmenu Yes =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= bcdedit.exe /set {current} recoveryenabled Yes =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log AirSpaceChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to connect to BITS - 0x8007042c
The dependency service or group failed to start.
 
 
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 4194304 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 239278909 B
Java, Flash, Steam htmlcache => 3040 B
Windows/system/drivers => 1048948757 B
Edge => 0 B
Chrome => 116109774 B
Firefox => 34298668 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66708 B
systemprofile32 => 157216 B
LocalService => 0 B
NetworkService => 178880 B
Jason => 2598668808 B
 
RecycleBin => 0 B
EmptyTemp: => 3.8 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 20:46:41 ====
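
The Fixlog above mixes commands that succeeded with ones that did not. As an added example (not part of the original posts and not FRST's own code), the following Python sketch splits a Fixlog into its CMD sections and flags the sections whose output reports a failure. The sample text is constructed and abbreviated from the layout shown in the post, and the failure keywords are a heuristic assumption, not an FRST specification.

```python
import re
from dataclasses import dataclass, field

# Section markers as they appear in the Fixlog: "========= <command> ========="
HEADER = re.compile(r"^=========\s+(.*?)\s+=========\s*$")
# Heuristic failure wording (assumption); extend for other tool output.
FAILURE = re.compile(r"\b(failed|unable to|access is denied|not recognized)\b", re.I)
# Windows HRESULT / Win32 error codes printed as 0x followed by 8 hex digits.
HRESULT = re.compile(r"\b0x[0-9a-fA-F]{8}\b")

# Constructed sample, abbreviated from the Fixlog layout in the post above.
SAMPLE_FIXLOG = """\
========= bcdedit.exe /set {current} recoveryenabled Yes =========

The operation completed successfully.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

Failed to clear log AirSpaceChannel. The requested operation cannot be performed over an enabled direct channel.

========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]

Unable to connect to BITS - 0x8007042c
The dependency service or group failed to start.

========= End of CMD: =========
"""


@dataclass
class CmdResult:
    command: str
    output: list = field(default_factory=list)

    @property
    def evidence(self):
        """Output lines that look like an error report."""
        return [l for l in self.output if FAILURE.search(l) or HRESULT.search(l)]

    @property
    def failed(self):
        return bool(self.evidence)

    @property
    def hresult(self):
        """First error code in the output, lower-cased, or None."""
        for line in self.output:
            m = HRESULT.search(line)
            if m:
                return m.group(0).lower()
        return None


def parse_fixlog(text):
    """Return one CmdResult per 'CMD:' section, in log order."""
    results, current = [], None
    for raw in text.splitlines():
        line = raw.strip()  # also drops the non-breaking spaces forums insert
        m = HEADER.match(line)
        if m:
            if m.group(1) == "End of CMD:":
                if current is not None:
                    results.append(current)
                current = None
            else:
                current = CmdResult(m.group(1))
            continue
        if current is not None and line:
            current.output.append(line)
    if current is not None:  # log was cut off before the closing marker
        results.append(current)
    return results


def failed_commands(text):
    """(command, first evidence line) for every section that failed."""
    return [(r.command, r.evidence[0]) for r in parse_fixlog(text) if r.failed]


if __name__ == "__main__":
    for r in parse_fixlog(SAMPLE_FIXLOG):
        status = "FAILED" if r.failed else "ok"
        print(f"[{status:6}] {r.command}  {r.hresult or ''}")
```
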


#10 irvineboy


Posted 27 March 2017 - 11:30 PM

I'm having issues booting into the correct Advanced Boot Options.  I have Windows 7

 

When I click F8 during reboot, I now can pick "Windows 7".  The next screen, I can select "Repair Computer".  However, after I select language "English" (there is no option to select US) and click Next, it goes to a Preload Wizard.  It says WARNING: All files on your hard disk partitions will be lost during the recovery process.    

 

My options after clicking Next are:

 

Recover windows to first partition only.

Recover windows to entire HD

Recover windows to entire HD with two partitions

 

I am trying to get to the command prompt but it is taking me to reformat my HD.


Edited by irvineboy, 28 March 2017 - 01:11 AM.


#11 JSntgRvr


Posted 28 March 2017 - 06:06 AM

Here are the System Restore Options:
 
system-recovery-options.jpg
 
If you can't reach this thru the Advanced menu, create a Bootable CD as suggested here and boot the computer with that CD, selecting Repair my Computer with it.
 
Read also here for more information. Practice to learn how to reach a command prompt in RE.


Edited by JSntgRvr, 28 March 2017 - 06:08 AM.



#12 JSntgRvr


Posted 28 March 2017 - 11:50 AM

Download Malwarebytes Anti-Rootkit Supplement from here

Once you have downloaded the tool (contained in a .zip folder), you will need to extract the contents. We recommend extracting to your desktop.
 
To extract the files, locate the zipped folder that you want to unzip (extract) files or folders from. To unzip all the contents of the zipped folder, press and hold (or right-click) the folder, select Extract All, and then follow the instructions. Save them on your desktop

After the files are extracted, double-click the mbar.cmd file. If you are unsure which file this is, try double-clicking both files named mbar - only one of them will run.
 
Update the Database, then click on Next, then on Scan.
  • Let it complete its scan (this can take a while);
  • Once the scan is done, make sure that every item is checked, and click on the Cleanup button (a reboot might be required);
  • After that (and the reboot, if one was required), go back in the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt;
  • Copy/paste the content of that log in your next reply;



#13 irvineboy


Posted 28 March 2017 - 12:50 PM

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2017.03.28.05
  rootkit: v2017.03.11.01
 
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 11.0.9600.18617
Jason :: JASON-PC [administrator]
 
3/28/2017 10:15:04 AM
mbar-log-2017-03-28 (10-15-04).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 310507
Time elapsed: 28 minute(s), 48 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 18
 
Registry Values Detected: 13
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 11
 
Files Detected: 157
C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys (Rootkit.Agent.PUA) -> Delete on reboot. [b82af19ea4f351ab70ceeeec014dcc62]
C:\WINDOWS\SYSTEM32\drivers\NetUtils2016.sys (PUP.Optional.StartGo123) -> Delete on reboot. [9ee21f7d46bd2b0f128e0907babc7d28]
C:\Users\Jason\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe (Adware.Yelloader) -> Delete on reboot. [22436e61891f0c2a9f3c413a6f920af6]
C:\Program Files (x86)\PubHotspot\FL4TILG7WHI8PXT.exe (Adware.Tuto4PC) -> Delete on reboot. [1b4a755a1a8e3402151e478a05fba55b]
C:\Program Files\B1S9UYSHGF\WBS3U8G4Y.exe (Adware.Tuto4PC) -> Delete on reboot. [fb6aece3bdebba7c0033dbf633cdea16]
C:\Program Files\OC3U88TKN1\OC3U88TKN.exe (Adware.Tuto4PC) -> Delete on reboot. [d88d3a95faaec2742f04ca07d22eb749]
C:\Program Files\GIMP 2\7K3HJYTGS66R\i5lXgkMEdC.exe (Trojan.Agent.Generic) -> Delete on reboot. [5c09458a664221151c95b32df010cc34]
C:\Program Files\0QZIVXMQH3\U4HQM1C9B.exe (Adware.Tuto4PC) -> Delete on reboot. [a3c24a85c8e0cb6b8ea512bf798742be]
C:\Program Files\EBT8SKZL8A\EBT8SKZL8.exe (Adware.Tuto4PC) -> Delete on reboot. [184d656acfd96acc0e25904153ad9967]
C:\Windows\SysWOW64\SurfShield.exe (Trojan.MalPack) -> Delete on reboot. [bea7e5ea129648ee1bee3c0bb250a25e]
C:\Windows\SysWOW64\msrid.exe (Adware.VideoAbductor) -> Delete on reboot. [a3c26b64c8e0c571f4f01fde20e17c84]
C:\Windows\SysWOW64\mqls.exe (Adware.VideoAbductor) -> Delete on reboot. [d1945679d5d341f5da72491ed52c44bc]
C:\Program Files\0QZIVXMQH3\uninstaller.exe (Adware.Tuto4PC) -> Delete on reboot. [6302329dccdcaa8cca69953c36ca847c]
C:\Program Files\B1S9UYSHGF\uninstaller.exe (Adware.Tuto4PC) -> Delete on reboot. [afb69a355b4d87af58dbfad73cc48f71]
C:\Program Files\EBT8SKZL8A\uninstaller.exe (Adware.Tuto4PC) -> Delete on reboot. [590cbf107434e6505ad9d100bf41837d]
C:\Program Files\OC3U88TKN1\uninstaller.exe (Adware.Tuto4PC) -> Delete on reboot. [8dd84e81b5f3e155949f7061de22da26]
C:\Program Files (x86)\PubHotspot\PublicHotspot.exe (Adware.Hostify) -> Delete on reboot. [095c943bfdab73c303fb2abd1be520e0]
C:\Program Files (x86)\PubHotspot\uninstaller.exe (Adware.Tuto4PC) -> Delete on reboot. [3f2605cac7e1d3630e25c40d8b75b64a]
c:\windows\system32\tprdpw32.exe (Rootkit.Agent.PUA) -> Delete on reboot. [79ec448b4b5dbd79293bd6777c867090]
C:\Windows\SysWOW64\rmstec.exe (Adware.VideoAbductor) -> Delete on reboot. [4322c40b45630e28c22143ba639e9c64]
C:\Users\Jason\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe (Adware.Yelloader) -> Delete on reboot. [f372b91641672d09780aadcaef12649c]
C:\Users\Jason\AppData\Local\ntuserlitelist\winscr\winscr.exe (Adware.Yelloader) -> Delete on reboot. [b7ae8a45594fe056aed30374e91806fa]
C:\Program Files (x86)\PubHotspot\config.conf (Adware.Tuto4PC) -> Delete on reboot. [590c3f903f69fc3a120a59585ba627d9]
C:\Program Files (x86)\PubHotspot\FL4TILG7WHI8PXT.exe.config (Adware.Tuto4PC) -> Delete on reboot. [590c3f903f69fc3a120a59585ba627d9]
C:\Program Files (x86)\PubHotspot\Interop.NATUPNPLib.dll (Adware.Tuto4PC) -> Delete on reboot. [590c3f903f69fc3a120a59585ba627d9]
C:\Program Files (x86)\PubHotspot\Interop.NETCONLib.dll (Adware.Tuto4PC) -> Delete on reboot. [590c3f903f69fc3a120a59585ba627d9]
C:\Program Files (x86)\PubHotspot\unins000.dat (Adware.Tuto4PC) -> Delete on reboot. [590c3f903f69fc3a120a59585ba627d9]
C:\Program Files (x86)\PubHotspot\unins000.exe (Adware.Tuto4PC) -> Delete on reboot. [590c3f903f69fc3a120a59585ba627d9]
C:\Program Files (x86)\PubHotspot\uninstaller.exe.config (Adware.Tuto4PC) -> Delete on reboot. [590c3f903f69fc3a120a59585ba627d9]
C:\Users\Jason\AppData\Local\ntuserlitelist\dataup\dataup.ini (Trojan.Clicker) -> Delete on reboot. [4a1b9c3374341f17a4a21e272bd7b64a]
C:\Users\Jason\AppData\Local\ntuserlitelist\dataup\help_dll.dll (Trojan.Clicker) -> Delete on reboot. [4a1b9c3374341f17a4a21e272bd7b64a]
C:\Users\Jason\AppData\Local\ntuserlitelist\dataup\NTSVC.ocx (Trojan.Clicker) -> Delete on reboot. [4a1b9c3374341f17a4a21e272bd7b64a]
C:\Users\Jason\AppData\Local\ntuserlitelist\regtool\regtool.exe (Trojan.Clicker) -> Delete on reboot. [4a1b9c3374341f17a4a21e272bd7b64a]
C:\Users\Jason\AppData\Local\ntuserlitelist\svcvmx\cef.pak (Trojan.Clicker) -> Delete on reboot. [4a1b9c3374341f17a4a21e272bd7b64a]
C:\Users\Jason\AppData\Local\ntuserlitelist\svcvmx\cef_100_percent.pak (Trojan.Clicker) -> Delete on reboot. [4a1b9c3374341f17a4a21e272bd7b64a]
C:\Users\Jason\AppData\Local\ntuserlitelist\svcvmx\cef_200_percent.pak (Trojan.Clicker) -> Delete on reboot. [4a1b9c3374341f17a4a21e272bd7b64a]
C:\Users\Jason\AppData\Local\ntuserlitelist\svcvmx\cef_extensions.pak (Trojan.Clicker) -> Delete on reboot. [4a1b9c3374341f17a4a21e272bd7b64a]
C:\Users\Jason\AppData\Local\ntuserlitelist\svcvmx\d3dcompiler_47.dll (Trojan.Clicker) -> Delete on reboot. [4a1b9c3374341f17a4a21e272bd7b64a]
C:\Users\Jason\AppData\Local\ntuserlitelist\svcvmx\dbghelp.dll (Trojan.Clicker) -> Delete on reboot. [4a1b9c3374341f17a4a21e272bd7b64a]
C:\Users\Jason\AppData\Local\ntuserlitelist\svcvmx\debug.log (Trojan.Clicker) -> Delete on reboot. [4a1b9c3374341f17a4a21e272bd7b64a]
C:\Users\Jason\AppData\Local\ntuserlitelist\svcvmx\icudtl.dat (Trojan.Clicker) -> Delete on reboot. [4a1b9c3374341f17a4a21e272bd7b64a]
C:\Users\Jason\AppData\Local\ntuserlitelist\svcvmx\libcef.dll (Trojan.Clicker) -> Delete on reboot. [4a1b9c3374341f17a4a21e272bd7b64a]
C:\Users\Jason\AppData\Local\ntuserlitelist\svcvmx\libEGL.dll (Trojan.Clicker) -> Delete on reboot. [4a1b9c3374341f17a4a21e272bd7b64a]
C:\Users\Jason\AppData\Local\ntuserlitelist\svcvmx\libGLESv2.dll (Trojan.Clicker) -> Delete on reboot. [4a1b9c3374341f17a4a21e272bd7b64a]
C:\Users\Jason\AppData\Local\ntuserlitelist\svcvmx\natives_blob.bin (Trojan.Clicker) -> Delete on reboot. [4a1b9c3374341f17a4a21e272bd7b64a]
C:\Users\Jason\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll (Trojan.Clicker) -> Delete on reboot. [4a1b9c3374341f17a4a21e272bd7b64a]
C:\Users\Jason\AppData\Local\ntuserlitelist\svcvmx\snapshot_blob.bin (Trojan.Clicker) -> Delete on reboot. [4a1b9c3374341f17a4a21e272bd7b64a]
C:\Users\Jason\AppData\Local\ntuserlitelist\svcvmx\svcvmx.log (Trojan.Clicker) -> Delete on reboot. [4a1b9c3374341f17a4a21e272bd7b64a]
C:\Users\Jason\AppData\Local\ntuserlitelist\svcvmx\widevinecdm.dll (Trojan.Clicker) -> Delete on reboot. [4a1b9c3374341f17a4a21e272bd7b64a]
C:\Users\Jason\AppData\Local\ntuserlitelist\svcvmx\widevinecdmadapter.dll (Trojan.Clicker) -> Delete on reboot. [4a1b9c3374341f17a4a21e272bd7b64a]
C:\Users\Jason\AppData\Local\ntuserlitelist\svcvmx\locales\en-US.pak (Trojan.Clicker) -> Delete on reboot. [4a1b9c3374341f17a4a21e272bd7b64a]
C:\Users\Jason\AppData\Local\ntuserlitelist\svcvmx\locales\zh-CN.pak (Trojan.Clicker) -> Delete on reboot. [4a1b9c3374341f17a4a21e272bd7b64a]
C:\Program Files\0QZIVXMQH3\cast.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [c2a376596b3d1a1c350904a814ec29d7]
C:\Program Files\0QZIVXMQH3\U4HQM1C9B.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [c2a376596b3d1a1c350904a814ec29d7]
C:\Program Files\0QZIVXMQH3\uninstaller.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [c2a376596b3d1a1c350904a814ec29d7]
C:\Program Files\B1S9UYSHGF\cast.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [d3924986a701231370ceb5f7ca361ee2]
C:\Program Files\B1S9UYSHGF\uninstaller.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [d3924986a701231370ceb5f7ca361ee2]
C:\Program Files\B1S9UYSHGF\WBS3U8G4Y.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [d3924986a701231370ceb5f7ca361ee2]
C:\Program Files\EBT8SKZL8A\cast.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [6bfa725d208825111e20fab2ca36b749]
C:\Program Files\EBT8SKZL8A\EBT8SKZL8.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [6bfa725d208825111e20fab2ca36b749]
C:\Program Files\EBT8SKZL8A\uninstaller.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [6bfa725d208825111e20fab2ca36b749]
C:\Program Files\OC3U88TKN1\cast.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [a4c1755ac1e772c4e15d99138977ef11]
C:\Program Files\OC3U88TKN1\OC3U88TKN.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [a4c1755ac1e772c4e15d99138977ef11]
C:\Program Files\OC3U88TKN1\uninstaller.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [a4c1755ac1e772c4e15d99138977ef11]
C:\Windows\System32\drivers\etc\hosts (Hijack.HostFile) -> Bad: ( 92.53.119.169 469ba60d9681f961064c-3cca6631dac1b4997db921c060b712f6.r30.cf2.rackcdn.com) Good: () -> Replace on reboot. [83e2507f4b5dcd690965cfa3cd34b64a]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


#14 JSntgRvr

Posted 28 March 2017 - 01:01 PM

Download the attached file and save it in the same directory where FRST64 is saved.
  • Start FRST64 with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
Please copy and paste its contents in your next reply.



#15 irvineboy

Posted 28 March 2017 - 03:15 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Jason (28-03-2017 13:10:15) Run:2
Running from C:\Users\Jason\Desktop
Loaded Profiles: Jason (Available Profiles: Jason)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM\...\Run: [PowerSkin] => c:\windows\temp\PowerSkin\PowerSkin.exe <===== ATTENTION 
HKLM\...\Run: [DisableS3S4] => c:\windows\temp\DisableS3S464\sethigh.cmd <===== ATTENTION 
HKLM-x32\...\Run: [AppHelper2.exe] => C:\Users\Jason\AppData\Local\Temp\AppHelper2.exe <===== ATTENTION 
HKLM-x32\...\Run: [accelerator] => C:\Users\Jason\AppData\Local\Temp\accelerator.exe /start <===== ATTENTION 
HKLM-x32\...\Run: [cpx] => "C:\Users\Jason\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <===== ATTENTION 
HKLM\...\RunOnce: [OMEWPRODUCT_YNR3E] => C:\Program Files (x86)\PubHotspot\FL4TILG7WHI8PXT.exe [69120 2017-03-27] (W2Q7GA4TP) <===== ATTENTION 
HKU\S-1-5-21-616515737-2173210804-205294457-1001\...\Run: [Anworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Jason\AppData\Local\Ocnics\HpzrGLg54.dll <===== ATTENTION 
HKU\S-1-5-18\...\Run: [asgsys] => rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\asgsys.dll",asgsys <===== ATTENTION 
HKU\S-1-5-18\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe <===== ATTENTION 
HKU\S-1-5-18\...\Run: [produpd] => "C:\Windows\system32\config\systemprofile\AppData\Roaming\VDI\Shared\Product Updater\produpd.exe" /20849 <===== ATTENTION 
GroupPolicy: Restriction <======= ATTENTION 
S2 windowsmanagementservice; C:\Windows\SysWOW64\config\systemprofile\AppData\Local\microlabs\ct.exe [852480 2017-03-27] () [File not signed] <==== ATTENTION 
R0 drmkpro64; C:\Windows\System32\drivers\ndistpr64.sys [76576 2017-03-27] () [File not signed] <==== ATTENTION 
R1 NetUtils2016; C:\Windows\system32\drivers\NetUtils2016.sys [909944 2017-03-27] () <==== ATTENTION 
Ace Stream Media 3.1.6 (HKU\S-1-5-21-616515737-2173210804-205294457-1001\...\AceStream) (Version: 3.1.6 - Ace Stream Media) <==== ATTENTION 
AnonymizerGadget (HKU\.DEFAULT\...\AnonymizerGadget) (Version: 1 - Jetico lim) <==== ATTENTION 
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version:  - ) <==== ATTENTION 
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION 
Task: {2F960698-189D-4D2A-A728-031B124CE856} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION 
Task: {42C10484-4536-4DC1-9651-DE0BE535EC76} - System32\Tasks\{D539D504-6292-62AF-DCB8-B2475D1CBF2F} => C:\ProgramData\{E66DF2D9-51C6-4572-1DBF-BCC4FBD055E9}\B5051B9C-02AE-AC37-2E3A-0F8E9BC783A6.exe  <==== ATTENTION 
Task: {9600A130-141B-429F-94B4-294397C75442} - System32\Tasks\{B6EA408C-9385-597E-F4E2-87868F1C391F} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\e2df52be\cf8f6a98.dll" <==== ATTENTION 
Task: {AB837C30-461B-44DA-9642-F094B56F570D} - System32\Tasks\{7EEC81A1-1D14-28F5-783C-114D3208F123} => C:\Users\Jason\AppData\Local\7EEC81~1\SYNCVE~1.EXE  <==== ATTENTION 
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION 
Task: {B6F39608-2E17-41B9-882F-0160345150DB} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION 
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION 
Task: {E22EEEB3-186F-48E8-AE91-44E1BBC17D91} - \{790A7E47-087D-040C-7F11-050F04091109} -> No File <==== ATTENTION 
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION 
Task: C:\Windows\Tasks\{7EEC81A1-1D14-28F5-783C-114D3208F123}.job => C:\Users\Jason\AppData\Local\7EEC81~1\SYNCVE~1.EXE <==== ATTENTION 
HKU\.DEFAULT\Software\Classes\76c822b8: "C:\Windows\system32\mshta.exe" "javascript:wq7mq="sJS";zd3=new ActiveXObject("WScript.Shell");Cb80mmNB="hMBrv";R0hTl=zd3.RegRead("HKCU\\software\\icdv\\hurzbfb");Ka14uSN="hFpMM";eval(R0hTl);xKX3pD6f="uS";" <===== ATTENTION 
FF Plugin: @microsoft.com/GENUINE -> disabled [No File] 
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File] 
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File] 
FF Plugin-x32: @kingsfot.com/npkws -> c:\program files (x86)\kingsoft\kingsoft antivirus\npkws.dll [No File] 
HKLM-x32\...\Run: [svcvmx] => C:\Users\Jason\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [896512 2017-01-13] ()
HKLM\...\RunOnce: [OMEWPRODUCT_YNR3E] => C:\Program Files (x86)\PubHotspot\FL4TILG7WHI8PXT.exe [69120 2017-03-27] (W2Q7GA4TP) <===== ATTENTION
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\microlabs\ct.exe
C:\Program Files (x86)\PubHotspot\FL4TILG7WHI8PXT.exe
C:\Users\Jason\AppData\Local\ntuserlitelist\svcvmx
C:\Users\Jason\AppData\Local\Temp\AppHelper2.exe
C:\Users\Jason\AppData\Local\Temp\accelerator.exe /start
C:\Users\Jason\AppData\Local\ntuserlitelist\cpx
2017-03-10 12:14 - 2017-03-10 12:14 - 0000000 _____ () C:\Users\Jason\AppData\Roaming\0000.txt
2017-03-10 12:02 - 2017-03-10 12:02 - 0140288 _____ () C:\Users\Jason\AppData\Roaming\Installer.dat
2017-03-10 12:36 - 2017-03-10 12:36 - 0018432 _____ () C:\Users\Jason\AppData\Roaming\Main.dat
2017-03-10 12:14 - 2017-03-10 12:14 - 0027136 _____ () C:\Users\Jason\AppData\Roaming\qrcodelib.dll
2017-03-10 12:14 - 2017-03-10 12:14 - 0007292 _____ () C:\Users\Jason\AppData\Roaming\qrcodelib.lib
2017-03-10 12:14 - 2017-03-10 12:14 - 0089088 _____ () C:\Users\Jason\AppData\Roaming\setup_vertech.exe
2016-05-23 08:47 - 2017-03-27 10:05 - 0000380 _____ () C:\Users\Jason\AppData\Roaming\sp_data.sys
2017-03-10 12:14 - 2017-03-10 12:14 - 0015086 _____ () C:\Users\Jason\AppData\Roaming\test.ico
2016-10-26 00:17 - 2016-11-29 01:17 - 0000218 _____ () C:\Users\Jason\AppData\Roaming\WB.CFG
2017-01-22 22:12 - 2017-01-22 22:12 - 0001353 _____ () C:\Users\Jason\AppData\Local\recently-used.xbel
S3 dbx; system32\DRIVERS\dbx.sys [X]
S1 HWifiNetPro; \??\C:\Program Files (x86)\Hotspot\HWifiNetPro64.SYS [X]
S2 ksapi64; \??\C:\Windows\system32\drivers\ksapi64.sys [X]
2016-07-08 13:01 - 2016-07-08 13:01 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2016-05-25 17:00 - 2016-05-25 17:00 - 0000256 _____ () C:\ProgramData\FastPics.log
2016-05-29 13:29 - 2017-03-18 00:09 - 0000756 _____ () C:\ProgramData\lxeb.log
2016-06-03 17:58 - 2016-09-20 11:26 - 0016820 _____ () C:\ProgramData\lxebJSW.log
2016-05-25 16:44 - 2017-03-27 11:58 - 0019894 _____ () C:\ProgramData\lxebscan.log
2016-07-08 13:01 - 2016-07-08 13:01 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2016-11-18 16:41 - 2017-02-11 23:53 - 0000789 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2017-02-21 21:02 - 2017-02-21 21:02 - 0386365 _____ () C:\ProgramData\SPL1606.tmp
2016-12-07 22:43 - 2016-12-07 22:43 - 0941553 _____ () C:\ProgramData\SPL2959.tmp
2016-07-22 19:28 - 2016-07-22 19:28 - 0443924 _____ () C:\ProgramData\SPL85DF.tmp
2017-01-16 14:05 - 2017-01-16 14:05 - 0241495 _____ () C:\ProgramData\SPLB4CB.tmp
2016-10-04 16:22 - 2016-10-04 16:22 - 0698857 _____ () C:\ProgramData\SPLB706.tmp
2016-11-04 12:39 - 2016-11-04 12:39 - 0141227 _____ () C:\ProgramData\SPLBDB1.tmp
2016-11-22 12:37 - 2016-11-22 12:37 - 0143078 _____ () C:\ProgramData\SPLBFB9.tmp
2016-11-15 23:14 - 2016-11-15 23:14 - 0656518 _____ () C:\ProgramData\SPLC762.tmp
2016-06-03 17:58 - 2016-06-03 17:58 - 0176348 _____ () C:\ProgramData\SPLC7B1.tmp
2016-09-26 17:09 - 2016-09-26 17:09 - 0678049 _____ () C:\ProgramData\SPLD689.tmp
2016-10-09 22:27 - 2016-10-09 22:27 - 0383369 _____ () C:\ProgramData\SPLD693.tmp
2016-10-24 20:07 - 2016-10-24 20:07 - 0974986 _____ () C:\ProgramData\SPLE2E9.tmp
2017-02-15 17:05 - 2017-02-15 17:05 - 35031442 _____ () C:\ProgramData\SPLED7D.tmp
2016-05-25 16:43 - 2016-05-25 16:43 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
2016-05-22 14:31 - 2016-05-22 14:32 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2016-05-22 14:30 - 2016-05-22 14:31 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2016-05-22 14:30 - 2016-05-22 14:30 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION 
Task: {2F960698-189D-4D2A-A728-031B124CE856} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION 
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION 
Task: {B6F39608-2E17-41B9-882F-0160345150DB} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION 
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION 
Task: {E22EEEB3-186F-48E8-AE91-44E1BBC17D91} - \{790A7E47-087D-040C-7F11-050F04091109} -> No File <==== ATTENTION 
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION 
HKLM-x32\...\Run: [AppHelper2.exe] => C:\Users\Jason\AppData\Local\Temp\AppHelper2.exe <===== ATTENTION 
HKLM-x32\...\Run: [accelerator] => C:\Users\Jason\AppData\Local\Temp\accelerator.exe /start <===== ATTENTION 
C:\Program Files (x86)\PubHotspot\FL4TILG7WHI8PXT.exe
C:\Windows\Tasks\{0C365B69-DF04-18DB-6F70-64537A1722AB}.job
C:\Windows\Tasks\{7EEC81A1-1D14-28F5-783C-114D3208F123}.job
2013-08-05 23:59 - 2013-08-05 23:59 - 0047720 _____ () C:\Users\Jason\AppData\Local\Temp\AxSFADownloader.exe 
2017-03-10 12:14 - 2017-03-10 12:14 - 34601632 _____ (Kingsoft Corporation) C:\Users\Jason\AppData\Local\Temp\duba_u44036853_sv1_3_609.exe 
2017-03-10 07:36 - 2017-03-10 07:36 - 2795968 _____ (Lead IT) C:\Users\Jason\AppData\Local\Temp\KDNQItg9-prog.exe 
2017-02-27 21:37 - 2016-10-11 08:18 - 1114112 _____ (Microsoft Corporation) C:\Users\Jason\AppData\Local\Temp\kernel32.dll 
2017-03-27 10:17 - 2017-03-27 10:17 - 7469104 _____ (Gold Click Ltd                                              ) C:\Users\Jason\AppData\Local\Temp\offer17pg.exe 
2017-03-25 15:40 - 2017-03-25 15:40 - 0000000 _____ () C:\Users\Jason\AppData\Local\Temp\pi5263.tmp.exe 
2017-03-25 14:33 - 2017-03-25 14:33 - 0000000 _____ () C:\Users\Jason\AppData\Local\Temp\pi74A3.tmp.exe 
2017-03-25 16:10 - 2017-03-25 16:10 - 0000000 _____ () C:\Users\Jason\AppData\Local\Temp\piCBF6.tmp.exe 
2017-03-25 15:03 - 2017-03-25 15:03 - 0000000 _____ () C:\Users\Jason\AppData\Local\Temp\piEE83.tmp.exe 
2016-08-29 13:10 - 2017-03-04 00:23 - 2116112 _____ (DVDFab) C:\Users\Jason\AppData\Local\Temp\setup.exe 
2017-03-08 22:32 - 2017-03-08 22:32 - 14456872 _____ (Microsoft Corporation) C:\Users\Jason\AppData\Local\Temp\vc_redist.x86.exe 
2017-03-10 12:08 - 2017-03-27 10:15 - 00000000 ____D C:\Windows\SysWOW64\tmp 
2017-03-10 00:28 - 2017-03-10 00:28 - 00000000 ____H C:\Windows\system32\BIT7E0B.tmp 
2017-03-10 00:28 - 2017-03-10 00:28 - 00000000 ____D C:\Windows\SysWOW64\sstmp 
2017-03-10 00:28 - 2017-03-10 00:28 - 00000000 ____D C:\Windows\system32\sstmp 
2017-02-21 21:02 - 2017-02-21 21:02 - 0386365 _____ () C:\ProgramData\SPL1606.tmp 
2016-12-07 22:43 - 2016-12-07 22:43 - 0941553 _____ () C:\ProgramData\SPL2959.tmp 
2016-07-22 19:28 - 2016-07-22 19:28 - 0443924 _____ () C:\ProgramData\SPL85DF.tmp 
2017-01-16 14:05 - 2017-01-16 14:05 - 0241495 _____ () C:\ProgramData\SPLB4CB.tmp 
2016-10-04 16:22 - 2016-10-04 16:22 - 0698857 _____ () C:\ProgramData\SPLB706.tmp 
2016-11-04 12:39 - 2016-11-04 12:39 - 0141227 _____ () C:\ProgramData\SPLBDB1.tmp 
2016-11-22 12:37 - 2016-11-22 12:37 - 0143078 _____ () C:\ProgramData\SPLBFB9.tmp 
2016-11-15 23:14 - 2016-11-15 23:14 - 0656518 _____ () C:\ProgramData\SPLC762.tmp 
2016-06-03 17:58 - 2016-06-03 17:58 - 0176348 _____ () C:\ProgramData\SPLC7B1.tmp 
2016-09-26 17:09 - 2016-09-26 17:09 - 0678049 _____ () C:\ProgramData\SPLD689.tmp 
2016-10-09 22:27 - 2016-10-09 22:27 - 0383369 _____ () C:\ProgramData\SPLD693.tmp 
2016-10-24 20:07 - 2016-10-24 20:07 - 0974986 _____ () C:\ProgramData\SPLE2E9.tmp 
2017-02-15 17:05 - 2017-02-15 17:05 - 35031442 _____ () C:\ProgramData\SPLED7D.tmp 
2017-03-25 15:40 - 2017-03-25 15:40 - 0000000 _____ () C:\Users\Jason\AppData\Local\Temp\pi5263.tmp.exe 
2017-03-25 14:33 - 2017-03-25 14:33 - 0000000 _____ () C:\Users\Jason\AppData\Local\Temp\pi74A3.tmp.exe 
2017-03-25 16:10 - 2017-03-25 16:10 - 0000000 _____ () C:\Users\Jason\AppData\Local\Temp\piCBF6.tmp.exe 
2017-03-25 15:03 - 2017-03-25 15:03 - 0000000 _____ () C:\Users\Jason\AppData\Local\Temp\piEE83.tmp.exe 
CMD: bcdedit.exe /set {bootmgr} displaybootmenu Yes
CMD: bcdedit.exe /set {current} bootstatuspolicy DisplayAllFailures
CMD: bcdedit.exe /set {current} recoveryenabled Yes
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON 
CMD: ipconfig /flushdns 
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP: 
Hosts:
Reboot:
 
 
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\PowerSkin => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\DisableS3S4 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AppHelper2.exe => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\accelerator => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OMEWPRODUCT_YNR3E => value not found.
HKU\S-1-5-21-616515737-2173210804-205294457-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Anworks => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\asgsys => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Itibiti.exe => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\produpd => value not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
windowsmanagementservice => service not found.
drmkpro64 => service not found.
NetUtils2016 => service not found.
Ace Stream Media 3.1.6 (HKU\S-1-5-21-616515737-2173210804-205294457-1001\...\AceStream) (Version: 3.1.6 - Ace Stream Media) <==== ATTENTION => Error: No automatic fix found for this entry.
AnonymizerGadget (HKU\.DEFAULT\...\AnonymizerGadget) (Version: 1 - Jetico lim) <==== ATTENTION => Error: No automatic fix found for this entry.
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version:  - ) <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F960698-189D-4D2A-A728-031B124CE856} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F960698-189D-4D2A-A728-031B124CE856} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42C10484-4536-4DC1-9651-DE0BE535EC76} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42C10484-4536-4DC1-9651-DE0BE535EC76} => key removed successfully
C:\Windows\System32\Tasks\{D539D504-6292-62AF-DCB8-B2475D1CBF2F} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D539D504-6292-62AF-DCB8-B2475D1CBF2F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9600A130-141B-429F-94B4-294397C75442} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9600A130-141B-429F-94B4-294397C75442} => key removed successfully
C:\Windows\System32\Tasks\{B6EA408C-9385-597E-F4E2-87868F1C391F} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B6EA408C-9385-597E-F4E2-87868F1C391F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AB837C30-461B-44DA-9642-F094B56F570D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB837C30-461B-44DA-9642-F094B56F570D} => key removed successfully
C:\Windows\System32\Tasks\{7EEC81A1-1D14-28F5-783C-114D3208F123} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7EEC81A1-1D14-28F5-783C-114D3208F123} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6F39608-2E17-41B9-882F-0160345150DB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6F39608-2E17-41B9-882F-0160345150DB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E22EEEB3-186F-48E8-AE91-44E1BBC17D91} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E22EEEB3-186F-48E8-AE91-44E1BBC17D91} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{790A7E47-087D-040C-7F11-050F04091109} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector => key removed successfully
C:\Windows\Tasks\{7EEC81A1-1D14-28F5-783C-114D3208F123}.job => moved successfully
HKU\.DEFAULT\Software\Classes\76c822b8 => key removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@kingsfot.com/npkws => key removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\svcvmx => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OMEWPRODUCT_YNR3E => value not found.
"C:\Windows\SysWOW64\config\systemprofile\AppData\Local\microlabs\ct.exe" => not found.
"C:\Program Files (x86)\PubHotspot\FL4TILG7WHI8PXT.exe" => not found.
"C:\Users\Jason\AppData\Local\ntuserlitelist\svcvmx" => not found.
"C:\Users\Jason\AppData\Local\Temp\AppHelper2.exe" => not found.
"C:\Users\Jason\AppData\Local\Temp\accelerator.exe /start" => not found.
"C:\Users\Jason\AppData\Local\ntuserlitelist\cpx" => not found.
C:\Users\Jason\AppData\Roaming\0000.txt => moved successfully
C:\Users\Jason\AppData\Roaming\Installer.dat => moved successfully
C:\Users\Jason\AppData\Roaming\Main.dat => moved successfully
C:\Users\Jason\AppData\Roaming\qrcodelib.dll => moved successfully
C:\Users\Jason\AppData\Roaming\qrcodelib.lib => moved successfully
C:\Users\Jason\AppData\Roaming\setup_vertech.exe => moved successfully
C:\Users\Jason\AppData\Roaming\sp_data.sys => moved successfully
C:\Users\Jason\AppData\Roaming\test.ico => moved successfully
C:\Users\Jason\AppData\Roaming\WB.CFG => moved successfully
C:\Users\Jason\AppData\Local\recently-used.xbel => moved successfully
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
HWifiNetPro => service not found.
HKLM\System\CurrentControlSet\Services\ksapi64 => key removed successfully
ksapi64 => service removed successfully
C:\ProgramData\cmn_upld.log => moved successfully
C:\ProgramData\FastPics.log => moved successfully
C:\ProgramData\lxeb.log => moved successfully
C:\ProgramData\lxebJSW.log => moved successfully
C:\ProgramData\lxebscan.log => moved successfully
C:\ProgramData\LxWbGwLog.log => moved successfully
C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc => moved successfully
C:\ProgramData\SPL1606.tmp => moved successfully
C:\ProgramData\SPL2959.tmp => moved successfully
C:\ProgramData\SPL85DF.tmp => moved successfully
C:\ProgramData\SPLB4CB.tmp => moved successfully
C:\ProgramData\SPLB706.tmp => moved successfully
C:\ProgramData\SPLBDB1.tmp => moved successfully
C:\ProgramData\SPLBFB9.tmp => moved successfully
C:\ProgramData\SPLC762.tmp => moved successfully
C:\ProgramData\SPLC7B1.tmp => moved successfully
C:\ProgramData\SPLD689.tmp => moved successfully
C:\ProgramData\SPLD693.tmp => moved successfully
C:\ProgramData\SPLE2E9.tmp => moved successfully
C:\ProgramData\SPLED7D.tmp => moved successfully
C:\ProgramData\UpdaterLog.txt => moved successfully
C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log => moved successfully
C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log => moved successfully
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F960698-189D-4D2A-A728-031B124CE856} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6F39608-2E17-41B9-882F-0160345150DB} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E22EEEB3-186F-48E8-AE91-44E1BBC17D91} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{790A7E47-087D-040C-7F11-050F04091109} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector => key not found. 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AppHelper2.exe => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\accelerator => value not found.
"C:\Program Files (x86)\PubHotspot\FL4TILG7WHI8PXT.exe" => not found.
C:\Windows\Tasks\{0C365B69-DF04-18DB-6F70-64537A1722AB}.job => moved successfully
"C:\Windows\Tasks\{7EEC81A1-1D14-28F5-783C-114D3208F123}.job" => not found.
"C:\Users\Jason\AppData\Local\Temp\AxSFADownloader.exe" => not found.
"C:\Users\Jason\AppData\Local\Temp\duba_u44036853_sv1_3_609.exe" => not found.
"C:\Users\Jason\AppData\Local\Temp\KDNQItg9-prog.exe" => not found.
"C:\Users\Jason\AppData\Local\Temp\kernel32.dll" => not found.
"C:\Users\Jason\AppData\Local\Temp\offer17pg.exe" => not found.
"C:\Users\Jason\AppData\Local\Temp\pi5263.tmp.exe" => not found.
"C:\Users\Jason\AppData\Local\Temp\pi74A3.tmp.exe" => not found.
"C:\Users\Jason\AppData\Local\Temp\piCBF6.tmp.exe" => not found.
"C:\Users\Jason\AppData\Local\Temp\piEE83.tmp.exe" => not found.
"C:\Users\Jason\AppData\Local\Temp\setup.exe" => not found.
"C:\Users\Jason\AppData\Local\Temp\vc_redist.x86.exe" => not found.
C:\Windows\SysWOW64\tmp => moved successfully
C:\Windows\system32\BIT7E0B.tmp => moved successfully
C:\Windows\SysWOW64\sstmp => moved successfully
C:\Windows\system32\sstmp => moved successfully
"C:\ProgramData\SPL1606.tmp" => not found.
"C:\ProgramData\SPL2959.tmp" => not found.
"C:\ProgramData\SPL85DF.tmp" => not found.
"C:\ProgramData\SPLB4CB.tmp" => not found.
"C:\ProgramData\SPLB706.tmp" => not found.
"C:\ProgramData\SPLBDB1.tmp" => not found.
"C:\ProgramData\SPLBFB9.tmp" => not found.
"C:\ProgramData\SPLC762.tmp" => not found.
"C:\ProgramData\SPLC7B1.tmp" => not found.
"C:\ProgramData\SPLD689.tmp" => not found.
"C:\ProgramData\SPLD693.tmp" => not found.
"C:\ProgramData\SPLE2E9.tmp" => not found.
"C:\ProgramData\SPLED7D.tmp" => not found.
"C:\Users\Jason\AppData\Local\Temp\pi5263.tmp.exe" => not found.
"C:\Users\Jason\AppData\Local\Temp\pi74A3.tmp.exe" => not found.
"C:\Users\Jason\AppData\Local\Temp\piCBF6.tmp.exe" => not found.
"C:\Users\Jason\AppData\Local\Temp\piEE83.tmp.exe" => not found.
 
========= bcdedit.exe /set {bootmgr} displaybootmenu Yes =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= bcdedit.exe /set {current} bootstatuspolicy DisplayAllFailures =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= bcdedit.exe /set {current} recoveryenabled Yes =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log AirSpaceChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3335421 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 5185042 B
Edge => 0 B
Chrome => 39195727 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 2658 B
Jason => 73815 B
 
RecycleBin => 3975 B
EmptyTemp: => 57.6 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 13:11:46 ====




